debug(DBG_DBG, "tlsserverrd: starting for %s", addr2string(client->addr));
- if (pthread_create(&tlsserverwrth, NULL, tlsserverwr, (void *)client)) {
+ if (pthread_create(&tlsserverwrth, &pthread_attr, tlsserverwr, (void *)client)) {
debug(DBG_ERR, "tlsserverrd: pthread_create failed");
return;
}
SSL_CTX *ctx = NULL;
unsigned long error;
struct client *client;
+ struct tls *accepted_tls = NULL;
s = *(int *)arg;
if (getpeername(s, (struct sockaddr *)&from, &fromlen)) {
cert = verifytlscert(ssl);
if (!cert)
goto exit;
+ accepted_tls = conf->tlsconf;
}
while (conf) {
- if (verifyconfcert(cert, conf)) {
- X509_free(cert);
- client = addclient(conf, 1);
- if (client) {
- client->ssl = ssl;
- client->addr = addr_copy((struct sockaddr *)&from);
- tlsserverrd(client);
- removeclient(client);
- } else
- debug(DBG_WARN, "tlsservernew: failed to create new client instance");
- goto exit;
- }
- conf = find_clconf(handle, (struct sockaddr *)&from, &cur);
+ if (accepted_tls == conf->tlsconf && verifyconfcert(cert, conf)) {
+ X509_free(cert);
+ client = addclient(conf, 1);
+ if (client) {
+ client->ssl = ssl;
+ client->addr = addr_copy((struct sockaddr *)&from);
+ tlsserverrd(client);
+ removeclient(client);
+ } else
+ debug(DBG_WARN, "tlsservernew: failed to create new client instance");
+ goto exit;
+ }
+ conf = find_clconf(handle, (struct sockaddr *)&from, &cur);
}
debug(DBG_WARN, "tlsservernew: ignoring request, no matching TLS client");
if (cert)
debug(DBG_WARN, "accept failed");
continue;
}
- if (pthread_create(&tlsserverth, NULL, tlsservernew, (void *)&s)) {
+ if (pthread_create(&tlsserverth, &pthread_attr, tlsservernew, (void *)&s)) {
debug(DBG_ERR, "tlslistener: pthread_create failed");
shutdown(s, SHUT_RDWR);
close(s);